From owner-freebsd-vuxml@FreeBSD.ORG Mon Mar 7 15:50:33 2005 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4E0416A4CE; Mon, 7 Mar 2005 15:50:33 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 565BD43D3F; Mon, 7 Mar 2005 15:50:33 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from lum.celabo.org (lum.celabo.org [10.0.1.107]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id D47FC3E2F38; Mon, 7 Mar 2005 09:50:32 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 1001) id 4DBE7622DFB; Mon, 7 Mar 2005 09:50:32 -0600 (CST) Date: Mon, 7 Mar 2005 09:50:32 -0600 From: "Jacques A. Vidrine" To: Xin LI Message-ID: <20050307155031.GE3503@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Xin LI , Kang Liu , freebsd-vuxml@freebsd.org, delphij@freebsd.org References: <310205489.09789@bjut.edu.cn> <1110209378.669.42.camel@spirit> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp Content-Disposition: inline In-Reply-To: <1110209378.669.42.camel@spirit> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd-vuxml@freebsd.org cc: delphij@freebsd.org Subject: Re: possible wrong date in 4a0b334d-8d8d-11d9-afa0-003048705d5a X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Mar 2005 15:50:34 -0000 On Mon, Mar 07, 2005 at 11:29:38PM +0800, Xin LI wrote: > 在 2005-03-07一的 22:41 +0800,Kang Liu写道: > > Hi, > > The discovery date of 4a0b334d-8d8d-11d9-afa0-003048705d5a might be > > wrong. I've told delphij (the submitter of that entry), while he said that > > date came from the original source. But, as we all know, 2005 is not leap > > year, actually there is no Feb 29th 2005...I think it could be better if we > > change it to Feb 28th 2005. > > Thanks for noticing this. I'm aware of the issue, but it is the > official version claims Feb 29th: > > http://216.127.76.78/~neosecur/index.php?pagina=advisories&id=8 > > And my letter has been bounced before I have decided to commit it as-is. > > I'm inclined in keeping it there until some of us can *actually* contact > the author to confirm the discovery date. Replacing an official (while > it appears to be wrong) date with a guessed value (we will never know if > it is or is not wrong, and I personally infer it should be March 1st) is > more or less pointless. No, it must be changed and I have already done so. It is unacceptable to have an invalid date: VuXML applications are encouraged to get mad when encountering such bogus data (^_^). I've changed it to 2005-02-28 in the interim. The date cannot be `official'... it is not a date any more than 2005-99-99 is a date. The "discovery" date is actually the date of first public disclosure, by the way. Thus, it seems that 2005-03-02 is probably most accurate. However, it isn't really important. It is just to give people an idea of how long they may have been exposed. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org